If you are going to continue to use the self-signed certificate, you need to rerun the wizard on the SBS console and use the same naming convention of your FQDN (whether its mail or remote). After you have done this, you will need to run the SBS client certificate installer onto the workstations needing OWA access. SBS 2008/11 is different in this regard, as importing the certificate through IE will not achieve what it wants to do.

That being said, I would recommend a UCC certificate as well. Its hard to beat a correctly configured auto-discovery.

basically the cert is wrong for the FQDNthe clients are using to access the RWW and Exchange services of your SBS.

i reckon that remote.domain.com.au and mail.domain.com.au both resolve to the same ip address, and therefore any configuration of client software (eg outlook) should point to the FQDN that is specified in the certificate. Otherwise they will always get this warning. without actually being able to see what the subject name and subject alternate names are on your certificate i cannot tell you which one you should be using. but looking at SBS management screen i would guess that you need to be using remote.... because that is the configured external FQDN and that is what would have been used when generating the certificate request

basically the cert is wrong for the FQDNthe clients are using to access the RWW and Exchange services of your SBS.

i reckon that remote.domain.com.au and mail.domain.com.au both resolve to the same ip address, and therefore any configuration of client software (eg outlook) should point to the FQDN that is specified in the certificate. Otherwise they will always get this warning. without actually being able to see what the subject name and subject alternate names are on your certificate i cannot tell you which one you should be using. but looking at SBS management screen i would guess that you need to be using remote.... because that is the configured external FQDN and that is what would have been used when generating the certificate request

How do I get the subject/subject alternate names on the certificates?
I think I'm supposed to be using the mail.domain.com.au

1st Post

You should add additional SANS through the vendor where you purchased your certificate. GoDaddy allows you to add additional SANS to the same certificate on top of what is imported (ie remote.domain.com.au)

basically the cert is wrong for the FQDNthe clients are using to access the RWW and Exchange services of your SBS.

i reckon that remote.domain.com.au and mail.domain.com.au both resolve to the same ip address, and therefore any configuration of client software (eg outlook) should point to the FQDN that is specified in the certificate. Otherwise they will always get this warning. without actually being able to see what the subject name and subject alternate names are on your certificate i cannot tell you which one you should be using. but looking at SBS management screen i would guess that you need to be using remote.... because that is the configured external FQDN and that is what would have been used when generating the certificate request

Yes, they both resolve to 192.168.0.209.

How do I get the subject name and subject alternate name?
How do I go about changing it to the remote.*.com.au FQDN?

If you are going to continue to use the self-signed certificate, you need to rerun the wizard on the SBS console and use the same naming convention of your FQDN (whether its mail or remote). After you have done this, you will need to run the SBS client certificate installer onto the workstations needing OWA access. SBS 2008/11 is different in this regard, as importing the certificate through IE will not achieve what it wants to do.

That being said, I would recommend a UCC certificate as well. Its hard to beat a correctly configured auto-discovery.